Bypass Blitz: Hackers Crack 2FA, Commandeer Networks via Ivanti VPN Zero-Days

Beware the VPN Snare! Cyber crooks are sidestepping two-factor shields and wreaking havoc with Ivanti’s Connect Secure. Zero-days CVE-2023-846805 and CVE-2024-21887 are the keys to their nefarious network joyride. Patch or get patched out! #CybersecurityChaos

Hot Take:

Another day, another duo of deliciously dangerous zero-days! This time, our favorite VPN gatekeepers at Ivanti are serving up vulnerabilities that let hackers sidestep two-factor authentication like VIPs waved through by a bouncer at a club. If this were a movie, we’d be yelling, “Don’t open that door!” But it seems the cyber baddies already have the keys and are throwing a network house party. Time to update your software and change your passwords, folks—otherwise, you might as well roll out the red carpet for these uninvited guests!

Key Points:

  • Ivanti’s Connect Secure VPN, the digital bouncer of networks, has been breached with two critical zero-day vulnerabilities—CVE-2023-846805 and CVE-2024-21887.
  • These cybersecurity party crashers allow attackers to bypass two-factor authentication and execute commands, which is about as comforting as a screen door on a submarine.
  • Volexity researchers detailed an attack by threat actor UTA0178 (probably not their birth name), suspected to be a Chinese nation-state-level threat actor with a flair for digital espionage.
  • The vulnerabilities were used to modify files and collect data, essentially a ‘hackers gone wild’ scenario within the compromised networks.
  • With around 15,000 Ivanti appliances exposed online, it’s a race against time for organizations to patch up before hackers exploit the vulnerabilities more widely than a viral dance challenge.